CVE Vulnerabilities

CVE-2020-10965

Improper Authentication

Published: Mar 25, 2020 | Modified: Jul 21, 2021
CVSS 3.x
8.1
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
6.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Teradici PCoIP Management Console 20.01.0 and 19.11.1 is vulnerable to unauthenticated password resets via login/resetadminpassword of the default admin account. This vulnerability only exists when the default admin account is not disabled. It is fixed in 20.01.1 and 19.11.2.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Pcoip_management_console Teradici 19.11.1 (including) 19.11.1 (including)
Pcoip_management_console Teradici 20.01.0 (including) 20.01.0 (including)

Potential Mitigations

References